In today's technological society, the Internet is quickly becoming the preferred medium for communicating data to a broad spectrum of end-users ranging from private individuals to large multi-national corporations. Such end-users routinely employ the Internet to access and distribute information, as well as to conduct personal business. An ever-growing number of individuals, organizations and businesses have established a presence on the Internet through “Web pages” on the World-Wide Web (“the Web”).
As the Internet has become more and more important in transporting data and information content between users, attacks on computer networks, in the form of computer viruses and rogue applications, have become more evident, as well. Computer viruses and rogue applications may be introduced to remote network devices by simply downloading either data or information content from unregulated computer networks or systems. Even though existing scanning utilities that are typically installed on end-usersystems are though existing scanning utilities that are typically installed on end-usersystems are designed to solve a number of integrity issues, they still have several known disadvantages and problems. More specifically, infected files may still reach an end-user's system by being downloaded from the network or copied from an external storage device without the user's knowledge. The infected files typically reside undetected on the end-user's system for a long period of time or at least until the next time a system scan is completed. In the meantime, infected files may be inadvertently passed to other end-users or computer networks. Another potential problem is that end-users forget to leave virus-checking software running, thereby allowing infected data to infiltrate their system undetected. Moreover, even if an end-user is diligent about periodically scanning his or her system, the virus scanning software used could be outdated.
Therefore, it is important to reliably preserve network integrity in today's ubiquitous Internet society. The gateway to such an environment must be capable of providing rich access control functionality while having the ability to restrict access if it would compromise network integrity.
U.S. Pat. No. 6,088,803 issued to Tso et al. (hereafter Tso) discloses one example of a known system. The system disclosed by Tso scans data objects for viruses before transmitting the objects to a remote network computer, thus, ensuring that a virus-infected data object is never delivered to a client or end-user that has requested such data or information content. However, this system does not prevent a client or end-user system from potentially infecting the network by transmitting an infected data object back to the network.
Similarly, U.S. Pat. No. 6,266,774 issued to Sam path et al. (hereafter Sam path) is directed to an integrity scheme that is downloaded to remote network devices. The downloaded software performs the necessary scanning operations and virus detection after being downloaded to the client or remote device. Thus, the purpose of such a system disclosed in Sam path is to deliver security/management software to remote devices on demand.
Thus, there appears to be a need for a reliable client integrity scheme that can consistently regulate access to network services or resources based on the observed integrity properties of remote network devices requesting access.